package com.ibm.ws.management.util;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.AdminClient;
import com.ibm.websphere.management.AdminClientFactory;
import com.ibm.websphere.management.ObjectNameHelper;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.kerberos.KerberosPolicy;
import com.ibm.ws.security.core.ContextManagerFactory;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Properties;
import java.util.Set;
import javax.management.ObjectName;
import javax.security.auth.Subject;

/* loaded from: input_file:com.ibm.ws.admin.client_7.0.0.jar:com/ibm/ws/management/util/AdminKerberosHelper.class */
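/**
 * Singleton helper that fetches a target server's {@link KerberosPolicy} through an admin
 * connector and caches it per {@code host:port}.
 *
 * <p>This source was reconstructed by a decompiler (JADX), so some exception regions may not
 * match the original bytecode; see the NOTE(review) comments below.
 *
 * <p>Points a reviewer should keep in mind:
 * <ul>
 *   <li>Both remote calls in {@link #retrieveKerberosPolicy(Properties)} run under the subject
 *       returned by {@code createUnauthenticatedSubject()}, so the policy is obtained before
 *       any caller identity is attached. NOTE(review): whether the connector authenticates the
 *       server end (for example via TLS) is decided by the connector properties and is not
 *       visible here; confirm before treating the returned policy as trusted input.</li>
 *   <li>The cache is static, keyed only by {@code host:port}, and entries are removed only by
 *       {@link #clearKerberosPolicyFromCache(String, String)}. Every caller in the JVM that
 *       targets the same host and port therefore shares one entry, and an entry stays until it
 *       is cleared explicitly.</li>
 *   <li>The cache is a plain {@link HashMap}; every access is wrapped in
 *       {@code synchronized (kpCache)} because the map is shared by all threads that use the
 *       singleton.</li>
 * </ul>
 */
public class AdminKerberosHelper {
    private static final TraceComponent tc = Tr.register(AdminKerberosHelper.class);
    private static AdminKerberosHelper cm = null;

    // Shared by every user of the singleton. HashMap is not safe for concurrent mutation,
    // so all reads and writes below hold the map's own monitor.
    private static final HashMap<String, KerberosPolicy> kpCache = new HashMap<String, KerberosPolicy>();

    /**
     * Privileged action that connects to the target and returns the {@link ObjectName} of its
     * SecurityAdmin MBean.
     *
     * <p>Decompiler note: this class was package-private in the original; JADX widened it.
     */
    public class AdminClientGetMBeanAction implements PrivilegedExceptionAction {
        Properties props;

        /**
         * @param properties connector properties handed to {@code AdminClientFactory}
         */
        public AdminClientGetMBeanAction(Properties properties) {
            this.props = properties;
        }

        /**
         * Creates an admin client and looks up the SecurityAdmin MBean of the connected process.
         *
         * @return the first matching {@link ObjectName}
         * @throws Exception if the client cannot be created, the process name cannot be
         *         determined, or no SecurityAdmin MBean matches; the exception is traced and
         *         reported to FFDC before being rethrown
         */
        @Override // java.security.PrivilegedExceptionAction
        public Object run() throws Exception {
            try {
                AdminClient adminClient = AdminClientFactory.createAdminClient(this.props);
                String processName = getProcessName(adminClient);
                // getProcessName() returns null when the server MBean lookup fails. Concatenating
                // that null would query for a process literally named "null", so skip the remote
                // query and fall through to the same failure path instead.
                if (processName != null) {
                    // The name is supplied by the remote server and is concatenated unquoted.
                    // NOTE(review): quoting it would change how the pattern matches, so the
                    // original form is kept; a malformed name surfaces as an exception here.
                    Set queryNames = adminClient.queryNames(new ObjectName("WebSphere:type=SecurityAdmin,process=" + processName + ",*"), null);
                    if (!queryNames.isEmpty()) {
                        return (ObjectName) queryNames.iterator().next();
                    }
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "retrieveKerberosPolicy (can't get SecurityAdmin)");
                }
                throw new Exception("retrieveKerberosPolicy can't get SecurityAdmin MBean");
            } catch (Exception e) {
                Tr.debug(tc, "Exception received: ", new Object[]{e});
                FFDCFilter.processException(e, "com.ibm.ws.management.util.AdminKerberosHelper.AdminClientGetMBeanAction.run", "383", this);
                throw e;
            }
        }

        /**
         * Resolves the process name of the server the client is connected to.
         *
         * @param adminClient connected admin client
         * @return the process name, or {@code null} when the server MBean could not be obtained
         */
        private String getProcessName(AdminClient adminClient) {
            if (tc.isEntryEnabled()) {
                Tr.entry(tc, "getProcessName");
            }
            ObjectName serverMBean = null;
            try {
                serverMBean = adminClient.getServerMBean();
            } catch (Exception e) {
                // Best effort: the failure is reported to FFDC and the caller sees null.
                // The source id string names AdminKerberosPolicyAction although this method lives
                // in AdminClientGetMBeanAction; it is kept byte-for-byte as a runtime string.
                FFDCFilter.processException(e, "com.ibm.ws.management.util.AdminKerberosHelper.AdminKerberosPolicyAction.getProcessName", "404", this);
            }
            String processName = serverMBean != null ? ObjectNameHelper.getProcessName(serverMBean) : null;
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getProcessName -> " + processName);
            }
            return processName;
        }
    }

    /**
     * Privileged action that invokes {@code getKerberosPolicy} on a SecurityAdmin MBean and
     * wraps the returned bytes in a {@link KerberosPolicy}.
     *
     * <p>Decompiler note: this class was package-private in the original; JADX widened it.
     */
    public class AdminKerberosPolicyAction implements PrivilegedExceptionAction {
        Properties props;
        ObjectName securityAdminMBean;

        /**
         * @param properties connector properties handed to {@code AdminClientFactory}
         * @param objectName name of the SecurityAdmin MBean to invoke
         */
        public AdminKerberosPolicyAction(Properties properties, ObjectName objectName) {
            this.props = properties;
            this.securityAdminMBean = objectName;
        }

        /**
         * Fetches the serialized policy from the target.
         *
         * @return a {@link KerberosPolicy} built from the returned bytes, or {@code null} when
         *         the MBean returned {@code null}
         * @throws Exception any failure from the connector or the MBean invocation, after it
         *         has been traced and reported to FFDC
         */
        @Override // java.security.PrivilegedExceptionAction
        public Object run() throws Exception {
            try {
                // The byte[] comes straight from the remote MBean and is parsed by the
                // KerberosPolicy constructor. NOTE(review): that constructor is not visible
                // here; confirm it validates its input.
                byte[] policyBytes = (byte[]) AdminClientFactory.createAdminClient(this.props).invoke(this.securityAdminMBean, "getKerberosPolicy", new Object[0], new String[0]);
                if (policyBytes != null) {
                    return new KerberosPolicy(policyBytes);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Returning null KerberosPolicy.");
                }
                return null;
            } catch (Exception e) {
                Tr.debug(tc, "Exception received: ", new Object[]{e});
                // The source id string names AdminClientCertificateAction; kept byte-for-byte.
                FFDCFilter.processException(e, "com.ibm.ws.management.util.AdminKerberosHelper.AdminClientCertificateAction.run", "339", this);
                throw e;
            }
        }
    }

    /**
     * Returns the process-wide instance, creating it on first use.
     *
     * @return the singleton helper
     */
    public static synchronized AdminKerberosHelper getInstance() {
        if (cm == null) {
            cm = new AdminKerberosHelper();
        }
        return cm;
    }

    /**
     * Removes the cached policy stored under {@code str + ":" + str2}, if any.
     *
     * @param str first component of the cache key (the host, going by the key format the
     *        lookup methods use)
     * @param str2 second component of the cache key (the port, by the same reasoning)
     */
    public void clearKerberosPolicyFromCache(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "clearKerberosPolicyFromCache");
        }
        String cacheKey = str + ":" + str2;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Looking up KerberosPolicy from cacheKey: " + cacheKey);
        }
        // Remove in one step under the lock so a concurrent put cannot slip between a
        // separate lookup and removal.
        KerberosPolicy removed;
        synchronized (kpCache) {
            removed = kpCache.remove(cacheKey);
        }
        if (removed != null && tc.isDebugEnabled()) {
            Tr.debug(tc, "Found kerberos policy in cache, removing it.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "clearKerberosPolicyFromCache");
        }
    }

    /**
     * Looks up the cached policy for the target named by the connector properties without
     * contacting the target.
     *
     * @param properties connector properties; must contain {@code host} and {@code port}
     * @return the cached policy, or {@code null} when nothing is cached for that target
     * @throws IllegalArgumentException if {@code properties} is {@code null} or lacks
     *         {@code host} or {@code port}
     */
    public KerberosPolicy checkCacheForKerberosPolicy(Properties properties) {
        if (tc.isEntryEnabled()) {
            // The properties are passed through DebugUtils before tracing; going by its name the
            // helper masks the plain-text password. It is invoked before the null check below.
            Tr.entry(tc, "checkCacheForKerberosPolicy", new Object[]{DebugUtils.createPropertiesMaskPlainTextPassword(properties)});
        }
        // NOTE(review): the decompiled source carried an empty try block here whose handler
        // (FFDC probe "133") could never run, so it has been dropped. The original handler
        // presumably enclosed this body; confirm against the bytecode.
        String cacheKey = cacheKeyFor(properties);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Looking up kerberos policy from cacheKey: " + cacheKey);
        }
        KerberosPolicy kerberosPolicy = cachedPolicy(cacheKey);
        // The first exit reuses a retrieveKerberosPolicy label; kept byte-for-byte because it
        // is a runtime trace string.
        if (kerberosPolicy != null && tc.isEntryEnabled()) {
            Tr.exit(tc, "retrieveKerberosPolicy (found in cache)");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "checkCacheForKerberosPolicy");
        }
        return kerberosPolicy;
    }

    /**
     * Returns the Kerberos policy of the target named by the connector properties, fetching it
     * from the target and caching it when it is not cached yet.
     *
     * <p>The fetch runs under an unauthenticated subject, and the result is cached under
     * {@code host:port} only. Two threads that miss the cache at the same time may both fetch;
     * the later {@code put} wins. The lock is deliberately not held across the remote calls.
     *
     * @param properties connector properties; must contain {@code host} and {@code port}
     * @return the policy, or {@code null} when the target returned none
     * @throws IllegalArgumentException if {@code properties} is {@code null} or lacks
     *         {@code host} or {@code port}
     */
    public KerberosPolicy retrieveKerberosPolicy(Properties properties) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "retrieveKerberosPolicy", new Object[]{DebugUtils.createPropertiesMaskPlainTextPassword(properties)});
        }
        // NOTE(review): the decompiled source carried an empty try block here whose handler
        // (FFDC probe "223") could never run, so it has been dropped. The original handler
        // presumably enclosed this body; confirm against the bytecode.
        String cacheKey = cacheKeyFor(properties);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Looking up kerberos policy from cacheKey: " + cacheKey);
        }
        KerberosPolicy kerberosPolicy = cachedPolicy(cacheKey);
        if (kerberosPolicy == null) {
            try {
                Subject unauthenticatedSubject = ContextManagerFactory.getInstance().createUnauthenticatedSubject();
                // Step 1: locate the SecurityAdmin MBean. Step 2: ask it for the policy.
                ObjectName securityAdminMBean = (ObjectName) ContextManagerFactory.getInstance().runAsSpecified(unauthenticatedSubject, new AdminClientGetMBeanAction(properties));
                kerberosPolicy = (KerberosPolicy) ContextManagerFactory.getInstance().runAsSpecified(unauthenticatedSubject, new AdminKerberosPolicyAction(properties, securityAdminMBean));
                if (kerberosPolicy != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Found a kerberos policy and adding it using cacheKey: " + cacheKey);
                    }
                    synchronized (kpCache) {
                        kpCache.put(cacheKey, kerberosPolicy);
                    }
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "An attempt to get the target's kerberos policy failed.");
                }
            } catch (Exception e2) {
                Tr.debug(tc, "Exception calling adminClientCertificateAction: " + e2.getMessage());
                // NOTE(review): rethrown from a method with no throws clause, exactly as the
                // decompiler emitted it. This only compiles if the calls above declare no checked
                // exceptions; an enclosing handler was probably lost in decompilation. Confirm.
                throw e2;
            }
        } else if (tc.isEntryEnabled()) {
            Tr.exit(tc, "retrieveKerberosPolicy (cache)");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "retrieveKerberosPolicy (lookup)", new Object[]{kerberosPolicy});
        }
        return kerberosPolicy;
    }

    /** Builds the {@code host:port} cache key, rejecting properties that cannot name a target. */
    private static String cacheKeyFor(Properties properties) {
        if (properties == null) {
            throw new IllegalArgumentException("Connector properties specified are null.");
        }
        String host = properties.getProperty("host");
        String port = properties.getProperty("port");
        if (host == null || port == null) {
            throw new IllegalArgumentException("Connector properties specified do not have a valid \"host\" and \"port\" property.");
        }
        return host + ":" + port;
    }

    /** Reads one cache entry while holding the cache lock. */
    private static KerberosPolicy cachedPolicy(String cacheKey) {
        synchronized (kpCache) {
            return kpCache.get(cacheKey);
        }
    }

    /** Package-private: instances are obtained through {@link #getInstance()}. */
    AdminKerberosHelper() {
    }
}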
